[Freeipa-users] FreeIPA password sync one direction only (Windows DC -> IPA)
Rich Megginson
rmeggins at redhat.com
Fri May 17 15:39:27 UTC 2013
On 05/17/2013 09:26 AM, Steve Dainard wrote:
> Hello,
>
> We're running a single IPA server (CentOS 6) on our network as a side
> project for some testing before we implement.
>
> It had been a significant period of time since I had last logged into
> the web interface, so I had to kinit from a client machine (of which I
> had logged into successfully with my domain password), at which point
> I was requested to change my password. After the password change I
> RDP'd into a Windows machine on our domain and realized the password
> had not been updated on the domain controller.
>
> Is the password sync feature with an external source such as Active
> Directory supposed to be two-way? If so where can I start
> troubleshooting this issue?

Are you talking about a Windows sync agreement you set up with
ipa-replica-manage?

If so, yes, the password sync is supposed to be two-way.

Try this:

- turn on the replication log level
  http://port389.org/wiki/FAQ#Troubleshooting
- change your IPA password
- turn off the replication log level
  http://port389.org/wiki/FAQ#Troubleshooting
- see if you can use your new password in AD

The 389 errors log in /var/log/dirsrv/slapd-YOUR-DOMAIN/errors may
contain a clue.

>
> Thanks,
>
>
>
> Steve Dainard
> Infrastructure Manager
> Miovision Technologies Inc.
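
The procedure from the reply above, as an added shell example that is not part of the original thread: it raises the 389 error log level, waits for the password change, restores the level, and prints only the replication lines logged in between. Assumptions: the function names are hypothetical, the bind is Directory Manager on ldap://localhost, 8192 is the replication debugging level and 0 returns logging to the default.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Assumptions: Directory Manager bind over ldap://localhost; level 8192 is
# replication debugging and 0 returns error logging to the default.
ERRORS_LOG=${ERRORS_LOG:-/var/log/dirsrv/slapd-YOUR-DOMAIN/errors}

# Print the LDIF that sets nsslapd-errorlog-level in cn=config to $1.
loglevel_ldif() {
    printf 'dn: cn=config\nchangetype: modify\n'
    printf 'replace: nsslapd-errorlog-level\nnsslapd-errorlog-level: %s\n' "$1"
}

# Apply a log level; ldapmodify prompts for the Directory Manager password.
set_loglevel() {
    loglevel_ldif "$1" |
        ldapmodify -x -H ldap://localhost -D "cn=Directory Manager" -W
}

# Count the lines in log file $1 so later output can skip older entries.
log_mark() {
    wc -l < "$1" | tr -d ' '
}

# Print replication plugin lines written after line number $2 of file $1.
new_repl_lines() {
    tail -n "+$(( $2 + 1 ))" "$1" | grep 'NSMMReplicationPlugin'
}

# The whole procedure; run it on the IPA server as: trace_password_sync
trace_password_sync() {
    mark=$(log_mark "$ERRORS_LOG")
    set_loglevel 8192
    printf 'Change the IPA password now, then press Enter: '
    read -r reply
    set_loglevel 0
    new_repl_lines "$ERRORS_LOG" "$mark"
}
```

Replication logging is verbose, so restoring the level right after the password change keeps the errors log small enough to read.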